qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Apache-Solr-Velocity-Templa...

68 lines
4.1 KiB
JSON
Raw Blame History

{
"Name": "Apache Solr Velocity Template RCE (CVE-2019-17558)",
"Description": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset 'velocity/' directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting 'params.resource.loader.enabled' by defining a response writer with that setting set to 'true'. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is 'trusted' (has been uploaded by an authenticated user).",
"Product": "Apache-Solr",
"Homepage": "",
"DisclosureDate": "2019-12-30",
"Author": "gobysec@gmail.com",
"FofaQuery": "app=\"Apache-Solr\"",
"GobyQuery": "app=\"Apache-Solr\"",
"Level": "3",
"Impact": "Allows remote attackers to execute arbitrary code.",
"Recommendation": "Updates are available. https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity",
"References": [
"https://issues.apache.org/jira/browse/SOLR-13971",
"https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52d76544fb42f96d8@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf9e04164dec02e7f@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bba1d244bee70d82d@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba0c72429b3220a9a@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a@%3Cissues.lucene.apache.org%3E",
"https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441aaed6092726c98d@%3Cissues.ambari.apache.org%3E",
"https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af@%3Cissues.lucene.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2019-17558",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17558"
],
"HasExp": true,
"ExpParams": [{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux,cmd"
},{
"name": "cmd",
"type": "input",
"value": "whoami",
"show": "AttackType=cmd"
},
{
"name": "CMDEncode",
"type": "select",
"value": "echo,bashBase64",
"show": "AttackType=cmd"
}],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": null,
"CVEIDs": [
"CVE-2019-17558"
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink